Share this:

Are you worried about the security of client data and other sensitive information you are routinely including in your Outlook emails? You ought to be.

But perhaps more importantly, what are you doing about it?

The Microsoft website, here, says that: “sometimes you want additional protection for your e-mail communication to keep it from unwanted eyes. Encrypting an e-mail message in Microsoft Office Outlook 2007 protects the privacy of the message by converting it from (readable) plaintext into (scrambled) ciphertext. Only the recipient who has theprivate key that matches the public key used to encrypt the message can decipher the message for reading. Any recipient without the corresponding private key would see only garbled text.”

That didn’t make much sense to me when I first read it so I tried to get a better handle on it from the wisegeek.com website: “Encryption software turns readable text into unreadable cipher by applying algorithms that can only be reversed by the passphrase or key. There are secure forms of encryption and insecure forms, as weak algorithms can be broken by the same computer power that generates strong algorithms. The current standard adopted by the US Government is the Advanced Encryption Standard (AES), based on 128-bit blocks. The former standard known as the Data Encryption Standard (DES) is based on 56-bit blocks and is now considered insecure.”

Now you know. It’s like the German secret codes – but remember that they were broken at Bletchley Park during World War II.

Encrypt was a television movie that premiered in June 2003 on the Sci-Fi Channel. Set in the year 2068, the Earth’s surface is in a cataclysmic upheaval, much of it transformed into wasteland by unstoppable storms (the by-product of the destruction of the ozone layer). There’s been a small earthquake this week in North Devon and it seems as if anywhere in the UK that’s flat and near water, is suffering a cataclysmic upheaval.

This all sounds a little bit Q’ish (I’m sure you remember Q from the James Bond films), so earlier this week when I read that a US company (IronBox) who are just down the road from Microsoft in Redmond, had launched E-Mail Encryption for Accounting and Law Firms, I investigated further.

Ironbox say: “Due to significant fines, class-action lawsuits, NSA snooping, embarrassing corporate data breach disclosures and increased regulation, secure email communication has never been more important. Tools to protect (encrypt) email communications have historically been quite difficult to use for both sender and recipient, were cost prohibitive and required significant ongoing maintenance.”

IronBox say that they have changed all that with the introduction of IronBox for Microsoft Outlook. Claiming its ease of use, they say: “The IronBox Outlook plugin is designed so that users with no encryption experience or skills can easily apply sophisticated security to their emails and attachments. To send an encrypted email, compose the email message as usual, including any attachments. When it is ready to send, simply click on the IronBox button, and it automatically encrypts the message.”.

The IronBox plugin for Outlook claims to make encryption easy to apply, offering a single button that users can hit to encrypt a particular e-mail. With other solutions, most users run into the problem of handling digital certificates. They don’t know how to acquire/setup their own digital certificate and ID, and certainly their customers if they are not technical users won’t either. That’s no problem with IronBox.To protect against unintentional data breaches, the tool also uses its proprietary IronSight technology to automatically scan all outgoing Outlook messages and attachments for known sensitive data, and alerts the sender before the message is sent. I tried it and it works.

Specific benefits from IronBox include:

Email recipients might not be using a client that supports encryption (for example if they are using a Web interface from GoDaddy).

Costs – some places charge you for a digital cert, and others do not – and you have to renew every year).

Easier workflow, people know how to double click on Word and PDF documents and enter passwords, but probably not selecting/installing encryption keys/digital certs.

To sum things up,IronBox provides an easier and more convenient user experience for both senders and recipients.

IronBox is currently offering a 30-day free trial; the monthly subscriptions is $9.99.

IronBox for Accounting and Law Firms

Accounting and Law firms caught the attention of IronBox as a very interesting market. Both handle lots of sensitive information every day for their clients. IronBox say that these firms are not regulated like other industries that have very strict and specific data protection requirements – I’m not sure that is entirely true, by the way. Even so, the IronBox plugin for Outlook gives accountants and lawyers a really simple way to meet those client expectations.

A big driver for IronBox was to create a plugin that just about anyone could use. It provides “Click a button, enter a password and away you go” functionality.

It’s important to point out that IronBox aren’t the only ones who are in this markeplace. Google “email encryption” and you will find several offerings from other companies. Here are a few that I found:

I couldn’t say whether or not IronBox is unbreakable or infallible, but in most situations it seems to me that it’s miles better than nothing at all.

The only concern I had was whether the IronBox solution also handled encryption of emails sent from mobiles etc. – the company assures me that IronBox does work in a mobile environment: sending the encrypted email as a PDF will give the best compatibility since most devices don’t natively support Microsoft Word. The sending process is the same as with laptops, and desktop computers, with no additional steps.

Martin Pollins is a Chartered Accountant with wide experience in corporate finance and business management. He holds a number of directorships and has served on the boards of several companies, including those listed on the London Stock Exchange, AIM and OFEX.

He was a Council member of the Institute of Chartered Accountants in England and Wales from 1988 to 1996.

Martin Pollins ran his own firm based in Sussex and was the first Accountancy firm in the UK to advertise on television and Martin went on to create and launch the CharterGroup Partnership (the UK's first Accountancy network) and then LawGroup UK (one of the largest networks of lawyers in the country).

Martin started work on the Bizezia concept in 1996, developing the broad range of information resources and products over the past 18 years.